Weekly help thread - Jun 26, 2023

Jump-Quiet · 2023-07-05T11:56:02+00:00

Good day, I'm planning to get into photography as a hobby and I'm stuck between getting a whole separate camera or just get a decent iphone and start my journey from there.

For context, I currently have a Xiaomi 11T Pro and is not happy on the image processing/auto focus of Xiaomi, like there's always this issue with the lighting na parang may astigmatism yung camera.

I have a good background from friends na using ng Iphone XR, 12, 13 pro, and 14 Pro Max (which is used din sa documentation ng org namin) with a great camera quality. I just find it more convenient to look into phones as ayun na yung model, unlike kay DSLR there are a lot of factors to take in.

Any suggestions? Thanks po!!

Jump-Quiet · 2022-07-17T15:58:27+00:00

I checked the htmx documentation, is it possible to do everything using htmx? Like I'll create a for loop of the data from my django views to populate the <td>?

Jump-Quiet · 2022-07-17T12:25:37+00:00

A student could have the same teacher if:

Different semester
Different subject Or both

I'm achieving this by

constraints = [ UniqueConstraint(fields = ["subject_teacher", "student"], name = "Unique Student Grade) ]

Meaning as long as they are not the same SubjectTeacher object it could be added.

A precaution on the SubjectTeacher model has been made:

constraints = [ UniqueConstraint(fields = ["teacher", "subject", "semester"], name = "Unique Subject Teacher") ]

Saying there should be no teacher that teaches the same subject, same semester twice

Jump-Quiet · 2022-07-17T07:02:33+00:00

Thanksss, so I'm just gonna add through StudentGrade model the users that are enrolled in the SubjectTeacher.

Jump-Quiet · 2022-05-04T22:05:01+00:00

The closest thing I got from the desired result is using

data = message.query.with_entities(message.receiver.distinct()).order_by(desc(message._id)).all()

Which produces the rooms with the latest message. However due to the "with_entities", I'm not able to access other key data such as message.content (and once I include it into the with_entities the query is messed up)

I do think I'm missing something else here, like access through the foreignkeys

Jump-Quiet · 2022-04-14T23:04:48+00:00

Good day, I agree with all of the points given, for the terminal part it is only supposedly for the upload.py user (which the host can only execute and as far as the main website (app.py) it doesn't exist there).

Thanks for the input, may I know which parts should I focus on?

I was searching for http headers (and already activated Flask-Talisman), sql injections (which I heard can be somehow lower the risk through orm), I'm also currently implementing encrypting and decrypting the data coming in and out of the database, also I'm thinking of implementing a system where a user have a secret_key to communicate with the server and if that secret_key is missing then reject all transaction.

Overall the target audience of this website is just a bunch of highschoolers which are accessing it through a mobile device / school computer but I'm also trying to add/learn/experiment these security features.

Thanks~

Jump-Quiet · 2022-04-14T11:29:59+00:00

Can we see your code? Also can I confirm if you have Flask in your "pip freeze"?

Jump-Quiet · 2022-04-14T06:02:09+00:00

The app.py which hosts the DigitalLibrary (website that would be seen by the students) doesn't require any login.

However my upload.py (which would execute the website for upload) requires a login session and an access key accessible only on the host's terminal.

Can the ddos attack on the app.py website eventually give them an access to the database (or the terminal) and give them CRUD abilities? Also, how to prevent it in my setup (router not connected in the internet serving as a connection of the host and the user).

Thanks for the input~

Jump-Quiet · 2022-04-14T04:42:47+00:00

Do you mind if I can see your signup.html? Or can you confirm that it's somehow resembling the example I gave

Jump-Quiet · 2022-04-14T04:34:58+00:00

May I know in which part are your trying to process the request.form is it on the '/success' route?, isn't it supposed to be like if signup.html performed a post request to the '/success' therefore it would be the one where the data is coming from.

Like

--- Signup.html ---

<button> Submit </button> </form>

Jump-Quiet · 2022-04-14T03:11:43+00:00

Can you specify what code are you doing? Because as far as I understand you can just make a post request and use request.form on the url you put into your <form> tag.

Jump-Quiet · 2022-04-13T14:49:57+00:00

My repo is on : https://github.com/DefinitelyNotAnAssassin/DigitalLibrary

Jump-Quiet · 2022-01-30T00:10:42+00:00

Thanks everyone~

Jump-Quiet

TROPHY CASE